Systems for managing mobile devices, such as Enterprise Mobility Management (“EMM”) and Mobile Device Management (“MDM”) systems, typically rely on the built-in functionality of an e-mail server and its associated communication protocol to control access for enrolled mobile devices.
For example, MICROSOFT's Exchange ActiveSync (“EAS”) is a communications protocol that provides mobile device management, policy controls, and synchronization of e-mail and other information between a server and a mobile device. EAS-based e-mail servers utilize a unique identification number for each device and mail client that connects. Because EAS-based e-mail servers recognize individual devices and mail clients based on a unique identification number, a system administrator can decide to allow or block access to the e-mail server on a device-by-device basis and for particular mail clients. In other words, the system administrator can instruct the EAS-based e-mail server to allow or block requests associated with particular unique identification numbers.
However, this type of device-specific control only exists for certain e-mail clients. Other e-mail clients—such as OUTLOOK for Mac, Mail for Mac, and others—access e-mail servers utilizing protocols that lack device-specific control. For example, OUTLOOK for Mac and Mail for Mac currently leverage MICROSOFT's Exchange Web Services (“EWS”) instead of EAS. Unlike EAS e-mail clients, client requests to an EWS-based e-mail server do not include a unique request identifier that identifies the particular device requesting access. As a result, a system administrator cannot choose to allow or block specific devices. At best, the system administrator can only choose to allow or block a particular type of e-mail client as a whole. This lack of granularity in control is not satisfactory.
For example, a system administrator of an EMM system would like to be able to grant or deny access to an EWS-based e-mail server based on the device's compliance and enrollment statuses. But without a way to uniquely identify the device requesting access to the EWS-based e-mail server, this level of control is unavailable.
A need exists for systems and methods for providing device-specific access to an e-mail server, including an EWS-based type of e-mail server, among others.